No, we are not deploying as war file. And the application /lib currently having followed log4j files.
-rw-r-----. 1 fruser fruser 16431 Aug 25 2022 jcl-over-slf4j-1.7.21.jar -rw-r-----. 1 fruser fruser 4597 Aug 25 2022 jul-to-slf4j-1.7.21.jar -rw-r-----. 1 fruser fruser 41071 Aug 25 2022 slf4j-api-1.7.21.jar -rw-r-----. 1 fruser fruser 16831 Aug 25 2022 i18n-slf4j-1.4.4.jar -rwxr-xr-x. 1 fruser fruser 301872 Mar 2 17:28 log4j-api-2.17.1.jar -rwxr-xr-x. 1 fruser fruser 1790452 Mar 2 17:28 log4j-core-2.17.1.jar Regards, Guru. -----Original Message----- From: Christian Grobmeier <grobme...@apache.org> Sent: Friday, April 21, 2023 4:55 PM To: Gurumoorthi Vijayalingam <gvijayalin...@simeio.com>; dev@logging.apache.org Subject: Re: [External] Re: Log4j Issue CAUTION: This message was sent from outside of the company. Please do not click links or open attachments unless you recognize the source of this email and know the content is safe. Are you deploying your application as a war file? If so, can you unzip that war file and search for log4j there? -- The Apache Software Foundation V.P., Data Privacy On Fri, Apr 21, 2023, at 13:21, Gurumoorthi Vijayalingam wrote: > No, am not able to find log4j version in tomcat lib folder. The > problem occurred when we upgraded the jar files from 2.2 t o2.17 > > > Regards, > Guru. > > -----Original Message----- > From: Christian Grobmeier <grobme...@apache.org> > Sent: Friday, April 21, 2023 4:36 PM > To: Gurumoorthi Vijayalingam <gvijayalin...@simeio.com>; > dev@logging.apache.org > Subject: Re: [External] Re: Log4j Issue > > CAUTION: This message was sent from outside of the company. Please do > not click links or open attachments unless you recognize the source of > this email and know the content is safe. > > > Hello Gurumoorthi, > > please subscribe to dev@logging.apache.org by sending an empty message > to dev-subscr...@logging.apache.org. > It is hard for our message moderators to manually moderate your > messages through. > > You need to find the log4j version of Tomcat. Please search for this. > it could be in the lib folder of Tomcat. > > You can also search the whole installation of Tomcat for "log4j" or > "log4j-core-2.2.jar", then you should find it. > > Kind regards, > Christian > > > -- > The Apache Software Foundation > V.P., Data Privacy > > On Fri, Apr 21, 2023, at 12:51, Gurumoorthi Vijayalingam wrote: >> Any help on this request ? we stuck. >> >> -----Original Message----- >> From: Gurumoorthi Vijayalingam >> Sent: Thursday, April 13, 2023 7:36 AM >> To: Christian Grobmeier <grobme...@apache.org>; >> dev@logging.apache.org >> Subject: RE: [External] Re: Log4j Issue >> >> Hi Team, >> >> We tried the steps as Christian mentioned in below email, but still >> getting same error. Please help us to fix this issue >> >> Thanks, >> Guru. >> >> -----Original Message----- >> From: Christian Grobmeier <grobme...@apache.org> >> Sent: Tuesday, March 21, 2023 2:17 AM >> To: Gurumoorthi Vijayalingam <gvijayalin...@simeio.com>; >> dev@logging.apache.org >> Cc: Paolo Gil Ostrea <post...@simeio.com>; Roark Hamilton >> <rhamil...@simeio.com>; Bhavana Pujari <bapuj...@simeio.com>; >> Sireesha Kutala <skut...@simeio.com> >> Subject: Re: [External] Re: Log4j Issue >> >> CAUTION: This message was sent from outside of the company. Please do >> not click links or open attachments unless you recognize the source >> of this email and know the content is safe. >> >> >> Hello Gurumoorthi, >> >> Piotr already responded to your email: >> >>> MapLookup#newMap changed from private (as in 2.2) to package (as in >>> 2.17.1) in the course of history. Your Tomcat is picking up the >>> private one, which means that log4j-core-2.2.jar is still on the >>> classpath. >>> Double check that the old Log4j2 version are no longer there and >>> restart Tomcat to be sure. >>> >>> Piotr >> >> If this information does not help you, respond to >> dev@logging.apache.org as Dominik told you. >> >> Kind regards, >> Christian >> >> >> -- >> The Apache Software Foundation >> V.P., Data Privacy >> >> On Mon, Mar 20, 2023, at 17:27, Gurumoorthi Vijayalingam wrote: >>> Hi Team, >>> >>> Can you please help us to fix this issue. >>> >>> Regards, >>> Guru. >>> >>> From: Dominik Psenner <dpsen...@gmail.com> >>> Sent: 04 March 2023 02:16 >>> To: secur...@logging.apache.org >>> Cc: Paolo Gil Ostrea <post...@simeio.com>; Roark Hamilton >>> <rhamil...@simeio.com>; Gurumoorthi Vijayalingam >>> <gvijayalin...@simeio.com> >>> Subject: [External] Re: Log4j Issue >>> >>> CAUTION: This message was sent from outside of the company. Please >>> do not click links or open attachments unless you recognize the >>> source of this email and know the content is safe. >>> >>> Hi >>> >>> I'm CCing the original author of the message. Please read below. >>> Further please consider posting to the proper mailing list. The >>> request is not about a security issue and probably should have been >>> posted to dev@logging.apache.org<mailto:dev@logging.apache.org> >>> after subscribing to that mailing list. >>> >>> Warm regards >>> Dominik >>> -- >>> Sent from my phone. Typos are a kind gift to anyone who happens to find >>> them. >>> >>> On Fri, Mar 3, 2023, 21:17 Piotr P. Karwasz >>> <piotr.karw...@gmail.com<mailto:piotr.karw...@gmail.com>> wrote: >>> Gurumoorthi, >>> >>> On Fri, 3 Mar 2023 at 19:04, Gurumoorthi Vijayalingam >>> <gvijayalin...@simeio.com<mailto:gvijayalin...@simeio.com>> wrote: >>>> Just attached the error message and log4j configuration for your reference. >>> >>> MapLookup#newMap changed from private (as in 2.2) to package (as in >>> 2.17.1) in the course of history. Your Tomcat is picking up the >>> private one, which means that log4j-core-2.2.jar is still on the >>> classpath. >>> Double check that the old Log4j2 version are no longer there and >>> restart Tomcat to be sure. >>> >>> Piotr
